LuckyLobster

The OpenClaw AgentSkills skill bundle for 'luckylobster' appears benign. The `skill.md` provides clear instructions for an AI agent to interact with the `luckylobster.io` API for trading on Polymarket. All API calls are directed to the specified `luckylobster.io` domain, and the API key handling uses OpenClaw's standard `gateway.config.patch` mechanism for persistent storage. There is no evidence of prompt injection attempts to subvert the agent, exfiltrate unrelated sensitive data, execute arbitrary commands, or establish persistence. The documentation even includes a security-conscious instruction to the agent to avoid URL manipulation during the device authorization flow.